ISGcloud: a Security Governance Framework for Cloud Computing

被引:8
作者
Rebollo, Oscar [1 ]
Mellado, Daniel [2 ]
Fernandez-Medina, Eduardo [3 ]
机构
[1] Minist Labour & Immigrat, Social Secur IT Management, Madrid, Spain
[2] Spanish Tax Agcy, Large Taxpayers Dept, IT Auditing Unit, Madrid, Spain
[3] Univ Castilla La Mancha, Dept Informat Technol & Syst, GSyA Res Grp, E-13071 Ciudad Real, Spain
关键词
information security governance; secure cloud governance; cloud computing; security governance framework; cloud lifecycle; INTRUSION DETECTION; SYSTEM;
D O I
10.1093/comjnl/bxu141
中图分类号
TP3 [计算技术、计算机技术];
学科分类号
0812 ;
摘要
Security risks to organizations' information assets are hindering the development of cloud computing services. A comprehensive security governance process is needed to foster the massive adoption of cloud services and to facilitate the deployment of a security culture within any company. In this paper, we present a framework focused on the security governance of the cloud computing environment (ISGcloud), which has been built upon standards. Its principal components are based on the ISO/IEC 38500 governance standard and on the ISO/IEC 27036 outsourcing security draft. We propose a systematic collection of activities and their related tasks which detail how security governance can be deployed during the entire cloud service lifecycle. Furthermore, the whole framework is formally modelled following the SPEM 2.0 specification that provides a standardized interface with which to automate and integrate our proposed process. The theoretical definition of our proposal is also accompanied by a practical example of its application, which provides specific details of ISGcloud framework's implementation.
引用
收藏
页码:2233 / 2254
页数:22
相关论文
共 50 条
[21]   Security Framework for Agent-Based Cloud Computing [J].
Venkateshwaran, K. ;
Malviya, Anu ;
Dikshit, Utkarsha ;
Venkatesan, S. .
INTERNATIONAL JOURNAL OF INTERACTIVE MULTIMEDIA AND ARTIFICIAL INTELLIGENCE, 2015, 3 (03) :35-42
[22]   Evaluation and Analysis on Security Framework Model of Cloud Computing [J].
Li, Zhao .
PROCEEDINGS OF THE 2015 4TH INTERNATIONAL CONFERENCE ON COMPUTER, MECHATRONICS, CONTROL AND ELECTRONIC ENGINEERING (ICCMCEE 2015), 2015, 37 :572-578
[23]   A Framework to Ensure Data Storage Security in Cloud Computing [J].
Sarkar, Mrinal Kanti ;
Kumar, Sanjay .
2016 IEEE 7TH ANNUAL UBIQUITOUS COMPUTING, ELECTRONICS MOBILE COMMUNICATION CONFERENCE (UEMCON), 2016,
[24]   A Framework to Orchestrate Security SLA Lifecycle in Cloud Computing [J].
Rojas, Marco A. T. ;
Gonzalez, Nelson M. ;
Sbampato, Fernando V. ;
Redigolo, Fernando F. ;
Carvalho, Tereza ;
Ullah, Kazi W. ;
Naslund, Mats ;
Ahmed, Abu Shohel .
2016 11TH IBERIAN CONFERENCE ON INFORMATION SYSTEMS AND TECHNOLOGIES (CISTI), 2016,
[25]   A New Security and Privacy Framework for RFID In Cloud Computing [J].
Kardas, Suleyman ;
Celik, Serkan ;
Bingol, Muhammed Ali ;
Levi, Albert .
2013 IEEE FIFTH INTERNATIONAL CONFERENCE ON CLOUD COMPUTING TECHNOLOGY AND SCIENCE (CLOUDCOM), VOL 1, 2013, :171-176
[26]   Security risk assessment framework for cloud computing environments [J].
Albakri, Sameer Hasan ;
Shanmugam, Bharanidharan ;
Samy, Ganthan Narayana ;
Idris, Norbik Bashah ;
Ahmed, Azuan .
SECURITY AND COMMUNICATION NETWORKS, 2014, 7 (11) :2114-2124
[27]   A Survey on the Security of Cloud Computing [J].
Alhenaki, Lubna ;
Alwatban, Alaa ;
Alamri, Bashaer ;
Alarifi, Noof .
2019 2ND INTERNATIONAL CONFERENCE ON COMPUTER APPLICATIONS & INFORMATION SECURITY (ICCAIS), 2019,
[28]   Security Threats in Cloud Computing [J].
Deshpande, Prachi ;
Sharma, S. C. ;
Sateeshkumar, P. .
2015 INTERNATIONAL CONFERENCE ON COMPUTING, COMMUNICATION & AUTOMATION (ICCCA), 2015, :632-636
[29]   A note on cloud computing security [J].
Garg, Deepak ;
Sidhu, Jagpreet ;
Rani, Shalli .
INTERNATIONAL JOURNAL OF AD HOC AND UBIQUITOUS COMPUTING, 2020, 33 (03) :133-154
[30]   SFVCC: Chaotic map-based security framework for vehicular cloud computing [J].
Mishra, Dheerendra ;
Kumar, Vinod ;
Dharminder, Dharminder ;
Rana, Saurabh .
IET INTELLIGENT TRANSPORT SYSTEMS, 2020, 14 (04) :241-249